Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| C:\Users\user\Downloads\24899aa3-5d91-48ed-9a99-f5d74544fd48.tmp | PDF document, version 1.7, 1 pages | dropped | |
| C:\Users\user\Downloads\6f8b900e-14a9-4101-a677-fe9d5f684a7a.tmp | PDF document, version 1.7, 1 pages | dropped | |
| C:\Users\user\Downloads\Communication Planning Proposal.pdf.crdownload | PDF document, version 1.7, 1 pages | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log | data | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy) | ASCII text | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-240522163103Z-153.bmp | PC bitmap, Windows 3.x format, 117 x -152 x 32, cbSize 71190, bits offset 54 | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages | SQLite 3.x database, last written using SQLite version 3040000, file counter 15, database pages 21, cookie 0x5, schema 4, UTF-8, version-valid-for 15 | dropped | |
| C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal | SQLite Rollback Journal | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeFnt23.lst.6960 | PostScript document text | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt23.lst (copy) | PostScript document text | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\ACROBAT_READER_MASTER_SURFACEID | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Home_View_Surface | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_FirstMile_Right_Sec_Surface | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_READER_LAUNCH_CARD | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Convert_LHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Disc_LHP_Retention | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Edit_LHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Home_LHP_Trial_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_More_LHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Intent_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_RHP_Retention | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Sign_LHP_Banner | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\DC_Reader_Upsell_Cards | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\Edit_InApp_Aug2020 | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING | data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json | JSON data | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents | SQLite 3.x database, last written using SQLite version 3040000, file counter 25, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 25 | dropped | |
| C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal | SQLite Rollback Journal | dropped | |
| C:\Users\user\AppData\Local\Temp\MSI16eec.LOG | Unicode text, UTF-16, little-endian text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2024-05-22 12-31-01-293.log | ASCII text, with very long lines (393) | dropped | |
| C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log | ASCII text, with very long lines (393), with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt | ASCII text, with CRLF line terminators | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\03b26d9a-55d7-4161-b7c6-a4ae388ce1d3.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 299538 | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\663318dd-59da-45b2-a50c-89454b71573f.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 5111142 | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\735dcc95-d972-4a62-b6ff-481b00ed688e.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 33081 | dropped | |
| C:\Users\user\AppData\Local\Temp\acrocef_low\a0e49b7b-110b-4ae0-bdd8-53a5de0c7bc5.tmp | gzip compressed data, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1311022 | dropped | |
| C:\Users\user\Downloads\6330329a-4e09-4b04-bb8d-4088da5120d1.tmp | PDF document, version 1.7, 1 pages | dropped | |
| C:\Users\user\Downloads\Communication Planning Proposal.pdf (copy) | PDF document, version 1.7, 1 pages | dropped | |
| Chrome Cache Entry: 159 | ASCII text, with very long lines (60798) | downloaded | |
| Chrome Cache Entry: 160 | ASCII text, with very long lines (64708) | downloaded | |
| Chrome Cache Entry: 161 | Web Open Font Format (Version 2), TrueType, length 59820, version 1.0 | downloaded | |
| Chrome Cache Entry: 162 | PDF document, version 1.7, 1 pages | downloaded | |
| Chrome Cache Entry: 163 | HTML document, ASCII text, with very long lines (4207) | downloaded | |
| Chrome Cache Entry: 164 | JSON data | dropped | |
| Chrome Cache Entry: 165 | JSON data | downloaded | |
| Chrome Cache Entry: 166 | Web Open Font Format (Version 2), TrueType, length 66348, version 1.0 | downloaded | |
| Chrome Cache Entry: 167 | Unicode text, UTF-8 text, with very long lines (57316) | downloaded | |
| Chrome Cache Entry: 168 | Web Open Font Format (Version 2), TrueType, length 59708, version 1.0 | downloaded | |
| Chrome Cache Entry: 169 | ASCII text, with very long lines (4249) | downloaded | |
| Chrome Cache Entry: 170 | ASCII text, with very long lines (5522), with no line terminators | downloaded | |
Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2116 --field-trial-handle=2024,i,2258071610979867527,7664926889758776090,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 | |
| C:\Program Files\Google\Chrome\Application\chrome.exe | "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://app.frame.io/presentations/52095d75-78f4-40d2-8ecd-505b67097ee1?component_clicked=digest_call_to_action&email_id=1d128434-b5ec-4195-8c8c-860eac345853&email_type=pending-reviewer-invite" | |
| C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe | "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\Communication Planning Proposal.pdf" | |
| C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 | |
| C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe | "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2124 --field-trial-handle=1520,i,11207774893732880204,2067284321435277106,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 | |
URLs

| Name | IP | Malicious |
|---|---|---|
| https://app.frame.io/presentations/52095d75-78f4-40d2-8ecd-505b67097ee1?component_clicked=digest_call_to_action&email_id=1d128434-b5ec-4195-8c8c-860eac345853&email_type=pending-reviewer-invite | | |
| http://www.apache.org/licenses/LICENSE-2.0 | unknown | |
| https://app.frame.io/static/modernizr-176bd4500116dd44f04a.js | 99.86.4.68 | |
| file:///C:/Users/user/Downloads/Communication%20Planning%20Proposal.pdf | | |
| http://kiro.me) | unknown | |
| https://github.com/tunnckoCore/is-hexcolor | unknown | |
| https://api.frame.io/v2/presentations/52095d75-78f4-40d2-8ecd-505b67097ee1/vanity | 52.205.94.167 | |
| https://reporting-api-collector.sandbox.frame.io/v1/events | 52.222.214.119 | |
| https://api.frame.io/v2/projects/63167726-9469-4649-b9bc-1573a798855e/membership | 52.205.94.167 | |
| http://fb.me/use-check-prop-types | unknown | |
| https://www.google.com/analytics/tag-manager/ | unknown | |
| http://google.com/analytics | unknown | |
| https://app.frame.io/static/application-3cf48c31.js | 99.86.4.68 | |
| https://jquery.org/license | unknown | |
| https://app.frame.io/static/presentation-v2-69a8f343.js | 99.86.4.68 | |
| https://app.frame.io/static/application-3cf48c31.css | 99.86.4.68 | |
| https://chrome.cloudflare-dns.com/dns-query | 162.159.61.3 | |
| https://jquery.com/ | unknown | |
| https://static-assets.frame.io/onboarding/collab-cta-bg%402x.jpg | unknown | |
| https://app.frame.io/static/AvenirNext-Medium-9ab29c0a.woff2 | 99.86.4.68 | |
| http://www.tunnckocore.tk) | unknown | |
| https://app.frame.io/static/AvenirNext-DemiBold-6075178f.woff2 | 99.86.4.68 | |
| https://ml412758d79256126a78df79ce0a18qk.pages.dev/) | unknown | |
| https://help.frame.io/en/articles/9084073-frame-io-v4-v3-feature-comparison | unknown | |
| https://app.frame.io/static/AvenirNext-Regular-da92ca69.woff2 | 99.86.4.68 | |
| https://app.frame.io/static/vendor-b8616475.js | 99.86.4.68 | |
| https://github.com/js-cookie/js-cookie | unknown | |
| https://app.frame.io/presentations/52095d75-78f4-40d2-8ecd-505b67097ee1?component_clicked=digest_call_to_action&email_id=1d128434-b5ec-4195-8c8c-860eac345853&email_type=pending-reviewer-invite | | |
| https://www.dropbox.com/static/api/2/dropins.js | 162.125.66.18 | |
| http://fusejs.io) | unknown | |
| https://sizzlejs.com/ | unknown | |
| https://js.foundation/ | unknown | |
| http://jedwatson.github.io/classnames | unknown | |
Domains

| Name | IP | Malicious |
|---|---|---|
| chrome.cloudflare-dns.com | 162.159.61.3 | |
| reporting-api-collector.sandbox.frame.io | 52.222.214.119 | |
| assets.frame.io | 18.238.243.10 | |
| api.frame.io | 52.205.94.167 | |
| www-env.dropbox-dns.com | 162.125.66.18 | |
| www.google.com | 216.58.212.132 | |
| app.frame.io | 99.86.4.68 | |
| fp2e7a.wpc.phicdn.net | 192.229.221.95 | |
| www.dropbox.com | unknown | |
IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 18.239.18.117 | unknown | United States | |
| 162.125.66.18 | www-env.dropbox-dns.com | United States | |
| 18.238.243.109 | unknown | United States | |
| 216.58.212.132 | www.google.com | United States | |
| 192.168.2.16 | unknown | unknown | |
| 192.168.2.4 | unknown | unknown | |
| 52.205.94.167 | api.frame.io | United States | |
| 99.86.4.68 | app.frame.io | United States | |
| 18.238.243.10 | assets.frame.io | United States | |
| 34.224.238.252 | unknown | United States | |
| 162.159.61.3 | chrome.cloudflare-dns.com | United States | |
| 239.255.255.250 | unknown | Reserved | |
| 23.56.162.185 | unknown | United States | |
| 52.222.214.119 | reporting-api-collector.sandbox.frame.io | United States | |
| 18.244.155.70 | unknown | United States | |
Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | aFS | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | tDIText | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | tFileName | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | tFileSource | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | sFileAncestors | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | sDI | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | sDate | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | uFileSize | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | uPageCount | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | sAssetId | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c1 | bisSharedFile | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | aFS | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | tDIText | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | tFileName | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | sDI | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | sDate | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | uFileSize | |
| HKEY_CURRENT_USER\SOFTWARE\Adobe\Adobe Acrobat\DC\AVGeneral\cRecentFiles\c2 | uPageCount | |
DOM / HTML

| URL | Malicious |
|---|---|
| https://app.frame.io/presentations/52095d75-78f4-40d2-8ecd-505b67097ee1?component_clicked=digest_call_to_action&email_id=1d128434-b5ec-4195-8c8c-860eac345853&email_type=pending-reviewer-invite | |
| file:///C:/Users/user/Downloads/Communication%20Planning%20Proposal.pdf | |
| file:///C:/Users/user/Downloads/Communication%20Planning%20Proposal.pdf | |
| file:///C:/Users/user/Downloads/Communication%20Planning%20Proposal.pdf | |